Search This Blog

Saturday, February 25, 2017

You are about to view sensitive medical information, please take appropriate privacy measures

My medical clinic has an app. You can make appointments, view lab results, medical history, etc.

I logged in to make an appointment. As it was connecting, it tells me "You are about to view sensitive medical information, please take appropriate privacy measures." OK, sounds reasonable.

Now let's take a step back. How did i log in? Was it with a username and password? A one-time verification code texted to me? NO. It was with my government-issued ID number and birth year!

I am indignant! That isn't even private information! The number of places my ID number and birthday appear -- publicly and privately -- is shocking.

You don't even implement a secure login and have the chutzpah to tell me to watch my privacy?!

I am going to write to them and complain as soon as i figure out who to send it to.

UPDATE: It appears that this easy login only works for making appointments. Viewing any other information requires your ID, randomly-assigned username, and password, which i suppose counts as secure enough.